package verification (was Re: Does the on-disk image of an executable ever change?)

Ben Scott dragonhawk at gmail.com
Thu Nov 5 12:27:29 EST 2009


On Thu, Nov 5, 2009 at 10:57 AM, Alan Johnson <alan at datdec.com> wrote:
>>  "rpm --verify all" is quite possibly the thing I like best about Red
>> Hat Linux vs every other OS.
>
> debsums should do the job on distros using the debian package system

  The reason I consider debsums not-as-good is that debsums just
checks checksums (not all the other metadata), and it's never been on
by default on any system I've used.  I've found package verification
is like backups; most people only think about it when it's too late.
This is not to say debsums is useless.  It's a heck of a lot better
than nothing.

  But if I sit down at *any* RPM-based system, I know I can type "rpm
--verify --all" and get useful results.

  You can even use RPM as an IDS, if you like.  You can copy the RPM
database to removable media, and you can point RPM at a different
database and/or filesystem root.

-- Ben
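
[Added example, not part of the original message: a small Python triage of "rpm --verify --all" output, showing the metadata results (mode, owner, group) that a checksum-only check does not cover. The sample lines are constructed, and the high/review/low policy is an assumption of this example, not anything rpm defines.]

```python
import re

# Constructed sample of `rpm --verify --all` output (not from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.M...UG..    /usr/bin/passwd
.......T.  d /usr/share/doc/bash/README
missing      /usr/sbin/crond
"""

# Flag characters rpm prints for each failed attribute test (see rpm(8)).
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# Some older rpm releases print 8 flags, newer ones 9; then an optional
# file-type marker (c = config, d = doc, ...) and the path.
LINE = re.compile(r"^(missing|[.?SM5DLUGTP]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
ORDER = {"high": 0, "review": 1, "low": 2}


def parse(line):
    """Return (path, kind, changed-attribute set), or None for non-result lines."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    result, kind, path = m.groups()
    changed = {"missing"} if result == "missing" else {FLAGS[c] for c in result if c in FLAGS}
    return path, kind or "", changed


def severity(kind, changed):
    """Assumed triage policy for this example; tune it to your own baseline."""
    if changed & {"missing", "mode", "owner", "group", "capabilities"}:
        return "high"
    if "digest" in changed:
        # Edited config files are routine; changed content anywhere else is not.
        return "review" if kind == "c" else "high"
    return "low"


def triage(text):
    """Parse verify output and return (severity, path, sorted attributes), worst first."""
    rows = []
    for path, kind, changed in filter(None, map(parse, text.splitlines())):
        rows.append((severity(kind, changed), path, sorted(changed)))
    return sorted(rows, key=lambda r: (ORDER[r[0]], r[1]))


if __name__ == "__main__":
    for sev, path, attrs in triage(SAMPLE):
        print(f"{sev:<6} {path}  ({', '.join(attrs)})")
```

[In the sample, /usr/bin/passwd has an unchanged digest but a changed mode, owner and group, so it is reported only because the metadata is verified as well as the checksum.]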


